Guest

Preview Tool

Cisco Bug: CSCvs05554 - multicast boundary configuration blocks PIM hellos when using ip multicast boundary with ACL on SVI

Last Modified

Nov 20, 2019

Products (1)

  • Cisco Catalyst 3850 Series Switches

Known Affected Releases

3.6(6)E

Description (partial)

Symptom:
PIM Hellos dropped on ingress on a C3850 switch stack when using  ip multicast boundary with ACL on SVI
tested  s/w version and it seems that multicast configuration was working in 3.6.6  code and  broke in 3.6.7 , 3.6.8 and 3.6.9 . The configuration works in code 3.7.3, 3.7.4 and 3.7.5 . Also tested in latest 16.x image i.e. 16.12.1

Conditions:
the PIM hellos from the neighboring router are arriving on physical ingress interface correctly.
The packets appear to be dropped somewhere along the path to the control plane.

the PIM Hellos should be arriving on VLAN 1001. The running configuration for SVI interface is as follows:

Standard IP access list local-multicast-bound
10 permit 239.193.0.0, wildcard bits 0.0.255.255
	
interface Vlan 1001
ip address 30.253.0.X 255.255.255.252
no ip redirects
no ip proxy-arp
ip wccp 52 redirect in
ip pim sparse-mode
ip multicast boundary local-multicast-bound <<<<<<<

The issue is caused by the multicast boundary configuration on the SVI.

This configuration is meant to filter out certain multicast groups from having Mroutes built on a given interface.
These are controlled via an ACL attached to the configuration 

For reference, PIM Hellos are sent to 224.0.0.13.

With this multicast boundary command configured, the switch stops seeing the router as a PIM Neighbor.
The neighbor router continues to see the switch (3850) as a PIM Neighbor.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.